Polishing

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java

@@ -101,8 +101,8 @@ public class ManagementWebSecurityAutoConfiguration {
 	}
 
 	@Configuration
-	protected static class ManagementSecurityPropertiesConfiguration
+	protected static class ManagementSecurityPropertiesConfiguration implements
-			implements SecurityPrerequisite {
+			SecurityPrerequisite {
 
 		@Autowired(required = false)
 		private SecurityProperties security;
@@ -122,8 +122,8 @@ public class ManagementWebSecurityAutoConfiguration {
 
 	// Get the ignored paths in early
 	@Order(SecurityProperties.IGNORED_ORDER + 1)
-	private static class IgnoredPathsWebSecurityConfigurerAdapter
+	private static class IgnoredPathsWebSecurityConfigurerAdapter implements
-			implements WebSecurityConfigurer<WebSecurity> {
+			WebSecurityConfigurer<WebSecurity> {
 
 		@Autowired(required = false)
 		private ErrorController errorController;
@@ -152,8 +152,8 @@ public class ManagementWebSecurityAutoConfiguration {
 			List<String> ignored = SpringBootWebSecurityConfiguration
 					.getIgnored(this.security);
 			if (!this.management.getSecurity().isEnabled()) {
-				ignored.addAll(
+				ignored.addAll(Arrays.asList(EndpointPaths
-						Arrays.asList(EndpointPaths.get(this.endpointHandlerMapping)));
+						.get(this.endpointHandlerMapping)));
 			}
 			if (ignored.contains("none")) {
 				ignored.remove("none");
@@ -192,13 +192,12 @@ public class ManagementWebSecurityAutoConfiguration {
 		@Override
 		public ConditionOutcome getMatchOutcome(ConditionContext context,
 				AnnotatedTypeMetadata metadata) {
-			String managementEnabled = context.getEnvironment()
+			String managementEnabled = context.getEnvironment().getProperty(
-					.getProperty("management.security.enabled", "true");
+					"management.security.enabled", "true");
-			String basicEnabled = context.getEnvironment()
+			String basicEnabled = context.getEnvironment().getProperty(
-					.getProperty("security.basic.enabled", "true");
+					"security.basic.enabled", "true");
-			return new ConditionOutcome(
+			return new ConditionOutcome("true".equalsIgnoreCase(managementEnabled)
-					"true".equalsIgnoreCase(managementEnabled)
+					&& !"true".equalsIgnoreCase(basicEnabled),
-							&& !"true".equalsIgnoreCase(basicEnabled),
 					"Management security enabled and basic disabled");
 		}
 
@@ -208,8 +207,8 @@ public class ManagementWebSecurityAutoConfiguration {
 	@ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
 	@ConditionalOnProperty(prefix = "management.security", name = "enabled", matchIfMissing = true)
 	@Order(ManagementServerProperties.BASIC_AUTH_ORDER)
-	protected static class ManagementWebSecurityConfigurerAdapter
+	protected static class ManagementWebSecurityConfigurerAdapter extends
-			extends WebSecurityConfigurerAdapter {
+			WebSecurityConfigurerAdapter {
 
 		@Autowired
 		private SecurityProperties security;
@@ -235,8 +234,8 @@ public class ManagementWebSecurityAutoConfiguration {
 			if (this.endpointHandlerMapping == null) {
 				ApplicationContext context = (this.contextResolver == null ? null
 						: this.contextResolver.getApplicationContext());
-				if (context != null && context
+				if (context != null
-						.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
+						&& context.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
 					this.endpointHandlerMapping = context
 							.getBean(EndpointHandlerMapping.class);
 				}
@@ -296,8 +295,9 @@ public class ManagementWebSecurityAutoConfiguration {
 		private void configurePermittedRequests(
 				ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests) {
 			// Permit access to the non-sensitive endpoints
-			requests.requestMatchers(new EndpointPathRequestMatcher(
+			requests.requestMatchers(
-					EndpointPaths.get(this.endpointHandlerMapping, false))).permitAll();
+					new EndpointPathRequestMatcher(EndpointPaths.get(
+							this.endpointHandlerMapping, false))).permitAll();
 			// Restrict the rest to the configured role
 			requests.anyRequest().hasRole(this.management.getSecurity().getRole());
 		}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java

@@ -16,12 +16,6 @@
 
 package org.springframework.boot.actuate.endpoint.mvc;
 
-import static org.hamcrest.Matchers.startsWith;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
@@ -47,6 +41,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
+import static org.hamcrest.Matchers.startsWith;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 /**
  * Integration tests for the Actuator's MVC endpoints.
  *
@@ -61,6 +61,7 @@ public class MvcEndpointIntegrationTests {
 	@After
 	public void close() {
 		TestSecurityContextHolder.clearContext();
+		this.context.close();
 	}
 
 	@Test
@@ -131,7 +132,8 @@ public class MvcEndpointIntegrationTests {
 	@Test
 	public void sensitiveEndpointsAreSecureWithNonAdminRoleWithCustomContextPath()
 			throws Exception {
-		TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
+		TestSecurityContextHolder.getContext().setAuthentication(
+				new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(SecureConfiguration.class);
 		EnvironmentTestUtils.addEnvironment(this.context,
@@ -143,7 +145,8 @@ public class MvcEndpointIntegrationTests {
 	@Test
 	public void sensitiveEndpointsAreSecureWithAdminRoleWithCustomContextPath()
 			throws Exception {
-		TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
+		TestSecurityContextHolder.getContext().setAuthentication(
+				new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(SecureConfiguration.class);
 		EnvironmentTestUtils.addEnvironment(this.context,
@@ -179,8 +182,8 @@ public class MvcEndpointIntegrationTests {
 		EnvironmentTestUtils.addEnvironment(this.context,
 				"spring.jackson.serialization.indent-output:true");
 		MockMvc mockMvc = createMockMvc();
-		mockMvc.perform(get("/beans"))
+		mockMvc.perform(get("/beans")).andExpect(
-				.andExpect(content().string(startsWith("{" + LINE_SEPARATOR)));
+				content().string(startsWith("{" + LINE_SEPARATOR)));
 	}
 
 	private MockMvc createMockMvc() {
@@ -202,8 +205,8 @@ public class MvcEndpointIntegrationTests {
 	}
 
 	@ImportAutoConfiguration({ JacksonAutoConfiguration.class,
-			HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
+			HttpMessageConvertersAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class,
+			EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
 			PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
 	static class DefaultConfiguration {
@@ -221,8 +224,8 @@ public class MvcEndpointIntegrationTests {
 
 	@ImportAutoConfiguration({ HypermediaAutoConfiguration.class,
 			RepositoryRestMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
-			HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
+			HttpMessageConvertersAutoConfiguration.class,
-			EndpointWebMvcAutoConfiguration.class,
+			EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 			ManagementServerPropertiesAutoConfiguration.class,
 			PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
 	static class SpringDataRestConfiguration {